Identity Provider Operations Engineer
The Opportunity:

Identity services are foundational to modern cybersecurity and mission operations. Maintaining secure, resilient, and highly available authentication and access management systems is critical to supporting enterprise users and protecting mission systems from unauthorized access.

As an Identity Provider (IdP) Operations Engineer, you'll support the ongoing operations, maintenance, sustainment, and troubleshooting of enterprise IAM and federation services in support of Zero Trust initiatives and mission-critical environments. In this role, you'll help ensure the reliability, security, and operational readiness of authentication and federation platforms used across the enterprise.

You'll work closely with cybersecurity teams, system administrators, network engineers, and mission stakeholders to support daily IAM operations, resolve authentication and federation issues, maintain access management services, and ensure compliance with organizational security policies and standards.

Your responsibilities will include monitoring identity systems, troubleshooting SSO and federation issues, maintaining MFA and password-less authentication capabilities, supporting user lifecycle management processes, applying patches and configuration updates, and assisting with operational automation and service improvement initiatives. You'll help sustain enterprise-class identity platforms that enable secure access to critical systems and applications while minimizing operational disruptions.

You Have:

• Experience administering, supporting, and maintaining identity platforms such as PingFederate, Okta, or Entra ID in an enterprise operations environment
• Experience supporting and troubleshooting authentication and federation protocols including SAML 2.0, OAuth 2.0, and OpenID Connect (OIDC)
• Experience troubleshooting SAML, OAuth, and OIDC integrations, token exchanges, assertion mismatches, and federation connectivity issues
• Experience using scripting or automation languages such as Java, JavaScript, Python, PowerShell, or Groovy to support operational tasks, automation, and maintenance activities, and with system monitoring, operational documentation, patching, and maintenance procedures for IAM services
• Experience working with RESTful APIs to support identity platform integrations, operational automation, and user lifecycle management processes
• Experience supporting integrations and synchronization with Active Directory (AD) or LDAP environments
• Knowledge of Zero Trust architectures and operational support of multifactor authentication (MFA) and password-less authentication solutions
• Ability to diagnose and resolve complex identity and federation operational issues in production environments
• Active TS/SCI clearance; willingness to take a polygraph exam
• HS diploma or GED

Nice If You Have:

• Experience supporting and maintaining Ping Identity Suite tools including PingFederate, PingAccess, PingDirectory, or PingOne
• Experience supporting automated user lifecycle management processes using SCIM protocols
• Experience maintaining IAM platform integrations within DevOps or CI/CD operational environments
• Knowledge of Okta operational features including Okta Workflows, Custom Authorization Servers, Inline Hooks, and Okta APIs
• Knowledge of compliance and regulatory standards including NIST, FedRAMP, HIPAA, or related identity management frameworks
• Knowledge of cloud identity platforms such as AWS Cognito, Azure AD B2C, or Google Cloud Identity
• Possession of strong verbal and written communication skills
• TS/SCI clearance with a polygraph
• Bachelor's degree in Computer Science, Cybersecurity, or Information Technology

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

Compensation

Salary at Booz Allen is determined by various factors, including but not limited to location, the individual's particular combination of education, knowledge, skills, competencies, and experience, as well as contract-specific affordability and organizational requirements. The projected compensation range for this position is $86,800.00 to $198,000.00 (annualized USD). The estimate displayed represents the typical salary range for this position and is just one component of Booz Allen's total compensation package for employees. This posting will close within 90 days from the Posting Date.

Work Model
Our people-first culture prioritizes the benefits of collaboration, whether it occurs in person or virtually. To support engagement and effective communication, employees working virtually are generally expected to have their cameras on during meetings.

• Remote: If this position is listed as remote, there may still be occasions when you are required to work in person at a Booz Allen or customer facility.
• Hybrid: If this position is listed as hybrid, you will be expected to work from a Booz Allen facility frequently, in alignment with leadership expectations and the needs of the role. You may also be required to work from or visit a customer facility.
• Onsite: If this position is listed as onsite, work will primarily be performed at a Booz Allen office or customer facility, where employees will collaborate directly with colleagues and customers as required by the role.